Does your company or organisation handle sensitive, protected, or confidential data? Always handle such data with care. Otherwise, the information may fall into the hands of third parties, intentionally or unintentionally . If sensitive data is copied, sent, viewed, stolen, or used by a person who does not have permission to do so, you are dealing with a data breach.
On this page
How does a data breach arise?A data breach can occur as a result of a security vulnerability. This allows cybercriminals to gain access to computer files containing personal data, financial information, or trade secrets. Other examples of ways in which personal data inadvertently ends up in the hands of others include:
- A business email sent to a wrong address;
- Business laptops and USB sticks that are stolen or lost;
- Discarded business computers, smartphones and tablets that are resold without being wiped clean.
Handling sensitive dataMany data breaches also arise because internal employees handle sensitive data carelessly. Or they are not aware that the information may be of interest to a third party. It is not possible to protect all information within your organisation. Make an inventory of sensitive information and handle it with care. Handling with care means, for example, not sharing the information with everyone in the organisation, and training the people who work with the data. When an employee is aware of the type of information they are working with and why it is important to handle it carefully, they are less likely to make mistakes or handle the data carelessly.
A data breach may also be a violation of the General Data Protection Regulation (GDPR). If it is, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, DPA) can impose a fine on your company or organisation.
Data breach notification obligationIf you have discovered a data breach, you must report this to the DPA within 72 hours. You must also notify the persons involved of any theft, loss, or abuse of personal data for which you are responsible. The GDPR demands that businesses register and file all data leaks. If you fail to notify a data breach in time, the DPA may impose a fine. Read more about the GDPR.
Preventing a data breachNaturally, you do not want your sensitive, protected, or confidential company data to be exposed.
Keep company information safe and prevent it from being viewed or made public. The greater the awareness and the stricter the measures, the better. That way, if equipment is stolen or lost, the risk of business loss or a data breach is reduced. Here are some tips for preventing a data breach: